Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary
  • Made public on May 13, 2015
  • This flaw exploits QEMU, a generic and open source machine emulator.
  • Allows for an attacker to access other virtual machines outside of their own.
Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)”

How to Prevent Being Hacked by the Cross-site Scripting Vulnerability in WP Super Cache

The popular WordPress plugin WP Super Cache has been found to have a cross-site scripting (XSS) vulnerability in versions prior to 1.4.4. On sites with outdated versions, it is possible for an attacker to take complete control of the WordPress site. Please note: this vulnerability only affects users which have installed WP Super Cache. However, if you are unsure if you use the plugin or not you should still take precautions to protect your site.

Thankfully, this is vulnerability is simple to address; version 1.4.4, available now, contains a patch.

This tutorial is very similar to our tutorial on updating any WordPress plugin: How To Update a WordPress Plugin

Continue reading “How to Prevent Being Hacked by the Cross-site Scripting Vulnerability in WP Super Cache”

Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS

A vulnerability found in the glibc library, specifically a flaw affecting the gethostbyname() and gethostbyname2() function calls, that allows a remote attacker to potentially execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.

Liquid Web package repositories have been updated. Many servers (barring those with updates disabled) have received an update that patches this vulnerability, however, a reboot will still be required in those cases.

Continue reading “Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS”

Information on CVE-2014-9322 Vulnerability for Red Hat and CentOS

A vulnerability found in the Linux kernel, specifically a flaw in fault handling associated with the Stack Segment (SS), allows an unprivileged user to potentially gain privileges. CentOS 4, CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.
Continue reading “Information on CVE-2014-9322 Vulnerability for Red Hat and CentOS”

Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

  • This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.
  • Allows for remote code execution, and many types of command-line based attacks.
  • A patch is available, and your server can be easily updated.
  • We have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.
  • Test the vulnerability of your server with the information below.

Continue reading “Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)”

Update and Patch OpenSSL on Ubuntu for the CCS Injection Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“. As of June 05, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

This vulnerability is likely not as severe as the Heartbleed Bug. In some circumstances, this flaw allows an attacker to conduct a man-in-the-middle attack on servers running vulnerable versions of OpenSSL. The attacker would be required to intercept and alter network traffic, and do so in real time, to exploit the flaw; in that case, the attacker could potentially view and/or modify the otherwise secured traffic.

What should you do?
  • Update OpenSSL and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on Ubuntu 12.04 against the “SSL/TLS MITM vulnerability (CVE-2014-0224)“.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 12.04 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL on Ubuntu for the CCS Injection Vulnerability”

Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“. As of June 05, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

This vulnerability is likely not as severe as the Heartbleed Bug. In some circumstances, this flaw allows an attacker to conduct a man-in-the-middle attack on servers running vulnerable versions of OpenSSL. The attacker would be required to intercept and alter network traffic, and do so in real time, to exploit the flaw; in that case, the attacker could potentially view and/or modify the otherwise secured traffic.

What do I do?
  • Update OpenSSL and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “SSL/TLS MITM vulnerability (CVE-2014-0224)“.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability”

Information on CVE-2014-0196 Vulnerability for CentOS and Ubuntu

A vulnerability found in the Linux kernel, specifically a flaw with the pseudo tty (pty) device, allows an unprivileged user to cause a denial of service (system crash) or potentially gain administrator privileges. A small number of CentOS and Ubuntu versions are vulnerable, thus we want to highlight the following information:

Continue reading “Information on CVE-2014-0196 Vulnerability for CentOS and Ubuntu”

Update and Patch OpenSSL for Heartbleed Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the Heartbleed Bug”?

The Heartbleed Bug is a severe vulnerability in OpenSSL, known formally as “TLS heartbeat read overrun (CVE-2014-0160)“. As of April 07, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

In short, the risks are many. In most circumstances, this flaw allows an attacker to read the memory of servers running vulnerable versions of OpenSSL. This would allow attackers to impersonate users and services, and provide a means for data theft. For example, the exposed memory could include sensitive information such as private keys. If private keys are leaked, then it is possible that SSL certificates are compromised, and in that case should definitely be reissued.

What do I do?
  • Update and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
  • Consider getting your SSL certificates reissued.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “TLS heartbeat read overrun (CVE-2014-0160)” vulnerability.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL for Heartbleed Vulnerability”